:Running out of swap can be easily done by normal user privilege.
:Non-overcommiting system can run important application on the system
:which has a normal user, because it never lose critical data, even if
:a user on the system make a mistake. (The application might stop,
:but it never lose data.)
:
:4.4BSD derived system cannot do this, and have to use different
:machine for such applications.
:...
:
:8x or more?
:That's wrong. It depends.
:--
:soda
If you are talking about a user intentionally attempting to run a system
out of swap, it is fairly easy to do whether the system uses an overcommit
model or not. The user has any number of ways of blowing the server up
too - for example, by making thousands of connections to it or running
many huge queries in parallel.
A machine which is running a critical server is not a multi-user machine
by definition, precisely because of this point. No reservation model
will save you from a user hell-bent on screwing your machine up, there
are too many ways to do it.
The reality is, again, that a properly configured system will not run out
of swap. Reliability is a statistical function... if the chance of
a system running out of swap is 1 hour of down time per thousand years,
that is a probability that can be ignored because there are plenty of
other potential problems that will result in more down time.
-Matt
Matthew Dillon
<dillon@backplane.com>